Fortinet VPN add-on
The Fortinet VPN add-on provides a VPN connection running alongside your application, enabling access to institutional resources.
This add-on provides a Fortinet VPN connection that runs as a sidecar container alongside your application. It allows your application to access resources that are only available through your institution's VPN network.
Required Configuration
To use the Fortinet VPN add-on, you must configure the following secrets or environment variables. It is strongly recommended to use secrets for sensitive information like credentials and VPN addresses.
VPNADDR (Required)
The VPN server address and port in the format server:port (e.g., vpn.example.edu:443).
Best practice: Configure this as a secret in your application settings.
VPNUSER (Required)
Your institutional VPN username.
Best practice: Configure this as a secret in your application settings.
VPNPASS (Required)
Your institutional VPN password.
Best practice: Configure this as a secret in your application settings.
Fallback credentials: If VPNUSER and VPNPASS are not configured, the system will fall back to using APP_USERNAME and APP_PWD secrets. If those are also not configured, a modal dialog will prompt you for credentials at application startup.
Optional Configuration for MATLAB Users
LICENSESERVERS (Optional)
A list of MATLAB license server hostnames/IP addresses to be made available through the VPN connection.
This can be configured as an environment variable or secret in your application settings.
MLM_LICENSE_FILE (Optional)
If you are using MATLAB and need to connect to a license server through the VPN, set this environment variable to point to the license server(s) specified in LICENSESERVERS. It should take the form of a semicolon-separated list of port@host entries.
Configuration Precedence
When the same variable is defined at multiple levels, the following precedence order applies (highest to lowest priority):
Effective secrets (personal > space > organization)
Effective environment variables (personal > space > organization)
Application-level environment variables
Image-level environment variables
Sidecar-level environment variables
Fallback credentials (APP_USERNAME/APP_PWD used as VPNUSER/VPNPASS)
This means that if you set VPNADDR as both a personal secret and a space-level environment variable, the personal secret value will be used.
Startup Behavior
The startup behavior depends on whether you have configured credentials as secrets:
With Configured Secrets
If you have set VPNUSER and VPNPASS secrets (or APP_USERNAME and APP_PWD fallback secrets), the VPN connection is automatically established using those credentials when the application starts.
Without Configured Secrets
If you have not configured VPNUSER and VPNPASS (and APP_USERNAME and APP_PWD are also not set), a modal dialog will appear during application startup:
You will be prompted to enter your institutional username
You will be prompted to enter your institutional password
The credentials will be used for this session only
In both cases, the application will wait for the VPN connection to be successfully established before becoming available. During startup, you will see messages indicating that the application is waiting for the VPN sidecar to connect.
Two-Factor Authentication (2FA)
If your institution requires two-factor authentication:
A one-time password (OTP) prompt may appear during application startup
Enter your OTP code when prompted
The VPN connection will establish using the provided OTP
If the VPN connection fails due to incorrect credentials, you will need to update the VPNUSER and VPNPASS secrets with the correct values (or re-enter credentials in the modal dialog), then stop and restart the application.
Application Behavior
If you add a Fortinet VPN add-on to your application, your application will start in shared mode.
The application will not start until the VPN connection is successfully established. During startup, you will see messages indicating that the application is waiting for the VPN sidecar to connect.
Troubleshooting
If your application fails to start with the Fortinet VPN add-on:
VPN credentials missing error: Ensure that VPNUSER and VPNPASS secrets are configured. Alternatively, ensure both APP_USERNAME and APP_PWD secrets are set as fallback credentials. If neither is configured, the modal dialog will appear for credential entry.
VPN address missing error: Ensure that VPNADDR is configured as a secret or environment variable in the format
server:port.VPN connection unsuccessful: Verify that your VPNUSER and VPNPASS credentials are correct, then stop and restart the application.
2FA required: If your institution uses two-factor authentication, ensure you enter the OTP when prompted during startup.
Connection timeout: Check that VPNADDR is correctly formatted as
server:portand points to your institution's VPN server.
Last updated
Was this helpful?